Penetration Tester

About TableCheck Inc.

TableCheck is a leading restaurant management platform that helps restaurants optimize their operations and enhance guest experiences. As we continue to grow and handle sensitive customer and business data, we are committed to maintaining the highest standards of security and compliance.

 

Position Overview

We are seeking an experienced Penetration Tester to conduct comprehensive security assessments of our web applications and cloud infrastructure. This role is critical in ensuring our compliance with ISO27001 and SOC2 standards while identifying and helping remediate security vulnerabilities before they can be exploited.

The ideal candidate will have extensive experience in web application penetration testing, particularly in large-scale environments, and the ability to communicate complex technical findings to both technical and non-technical stakeholders.

 

Key Responsibilities

Technical Responsibilities

• Conduct comprehensive penetration tests on web applications, APIs, and cloud infrastructure
• Perform security assessments following OWASP Testing Guide and PTES methodologies
• Identify and exploit vulnerabilities in accordance with the OWASP Top 10
• Execute both automated and manual testing techniques
• Develop proof-of-concept exploits to demonstrate vulnerability impact
• Assess AWS cloud environment security configurations
• Perform post-exploitation activities including privilege escalation and lateral movement
• Validate remediation efforts through retesting

 

Compliance & Reporting

• Ensure penetration testing meets ISO27001, SOC2, and other compliance requirements
• Produce comprehensive technical reports with CVSS scoring
• Create executive summaries that translate technical risks into business impact
• Provide attestation letters for compliance purposes

 

Communication & Collaboration

• Present findings to technical teams and management
• Provide clear, actionable remediation guidance
• Collaborate with development teams to understand application architecture

 

Required Qualifications

Experience

• Minimum 3+ years of hands-on penetration testing experience
• Proven track record of conducting web application penetration tests on large, complex environments
• Demonstrated experience with enterprise-scale assessments
• Prior experience with compliance-driven penetration testing (ISO27001, SOC2, and/or PCI-DSS) is a pre, but does have our preference

 

Technical Skills

• Expert proficiency with web penetration testing tools including but not limited to:
  • Burp Suite Professional
  • OWASP ZAP
  • Nmap
  • Metasploit Framework
  • SQLMap
  • Custom scripting tools
• Deep understanding of the OWASP Top 10 vulnerabilities and testing methodologies
• Comprehensive knowledge of PTES (Penetration Testing Execution Standard) technical guidelines
• Strong understanding of web technologies: HTTP/HTTPS, REST APIs, JavaScript, SQL, etc.
• Experience with AWS environments including:
  • EC2, S3, RDS, Lambda
  • IAM policies and roles
  • VPC and network security
  • AWS-specific attack vectors
• Proficiency in scripting languages (Python, Bash, PowerShell, etc.)
• Knowledge of common web frameworks and their security implications

 

Professional Certifications (Required)

• Must hold at least ONE medior/senior-level penetration testing certification:

Note: Junior certifications (CEH, Security+, PenTest+, etc.) alone are NOT sufficient for this role.

 

Communication Skills

• Excellent technical writing skills in English for detailed pentest reports
• Outstanding non-technical writing abilities for executive summaries and business communications
• Proven ability to translate complex technical vulnerabilities into business risk language
• Strong documentation skills for creating testing methodologies and procedures

 

Compliance Knowledge

• Understanding of penetration testing requirements within:
  • ISO/IEC 27001:2023 framework
  • SOC2 Type I/II criteria
  • PCI-DSS requirements (preferred)
• Experience providing compliance attestation and evidence
• Knowledge of regulatory requirements affecting security testing

 

Preferred Qualifications

Language Skills

• Japanese language proficiency is not required, but is very welcome

 

Additional Technical Skills

• Knowledge of container penetration testing (Docker, Kubernetes)
• Experience with infrastructure as code (Terraform)

 

Additional Certifications (Nice to Have)

• OSWE (Offensive Security Web Expert)